NFS Deny Access
Hello all,
I have an NFS Server where I want give access to a specific address to a specific path. Problem is that I have some other shares active which I do not want the specific IP to not access it.
The /etc/exports looks like the following:
/nfs/Share1
One thought on - NFS Deny Access
Thomas Plant via CentOS wrote:
I don’t know of an option to exclude a single host – but you might be able to do something clever with the ‘refer’ option …
BTW, the export man page says that you shouldn’t use wildcards in IP
network addresses – i.e. instead of exporting to ‘10.10.*’, you should use ‘10.10.0.0/16’
So something like the following may work:
/nfs/Share1 10.10.193.43(rw,refer=/dummy@127.0.0.1) 10.10.0.0/16(rw)
/nfs/Share2 10.10.193.43(rw,refer=/dummy@127.0.0.1) 10.10.0.0/16(rw)
/kdnbckp/CS21 10.10.193.43(rw)
The above _should_ cause the client at 10.10.193.43 to attempt to mount
“/dummy” from itself when it tries to mount either /nfs/Share1 or
/nfs/Share2 from the server – and if “/dummy” isn’t exported from itself
(or if NFS isn’t running), then the mount will fail …
However, I believe the refer= option is NFSv4 only – so if the client attempts an NFSv3 mount, it will successfully mount from the server (and not use the refer mount point) – i.e. to make sure this doesn’t happen, you will need to disable NFSv3 (and NFSv2) access – e.g see:
https://opsech.io/posts/2016/Jan/26/nfsv4-only-on-CentOS-72.html
However, the above is all a bit messy – so I would be interested if you come across a simpler way of achieving this …
James Pearson